dependabot · brrygrdn · Apr 25, 2022
@@ -12,62 +12,7 @@ class MetadataFinder < Dependabot::MetadataFinders::Base
       def look_up_source
         return Source.from_url(dependency_source_url) if dependency_source_url
 
-        src_repo = look_up_source_in_nuspec(dependency_nuspec_file)
-        return src_repo if src_repo
-
-        # Fallback to getting source from the search result's projectUrl or licenseUrl.
-        # GitHub Packages doesn't support getting the `.nuspec`, switch to getting
-        # that instead once it is supported.
-        src_repo_from_project
-      end
-
-      def src_repo_from_project
-        source = dependency.requirements.find { |r| r&.fetch(:source) }&.fetch(:source)
-        return unless source
-
-        # Query the service index e.g. https://nuget.pkg.github.com/ORG/index.json
-        response = Excon.get(
-          source.fetch(:url),
-          idempotent: true,
-          **SharedHelpers.excon_defaults(headers: auth_header)
-        )
-        return unless response.status == 200
-
-        # Extract the query url e.g. https://nuget.pkg.github.com/ORG/query
-        search_base = extract_search_url(response.body)
-        return unless search_base
-
-        response = Excon.get(
-          search_base + "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
-          idempotent: true,
-          **SharedHelpers.excon_defaults(headers: auth_header)
-        )
-        return unless response.status == 200
-
-        # Find a projectUrl or licenseUrl that look like a source URL
-        extract_source_repo(response.body)
-      end
-
-      def extract_search_url(body)
-        JSON.parse(body).
-          fetch("resources", []).
-          find { |r| r.fetch("@type") == "SearchQueryService" }&.
-          fetch("@id")
-      end
-
-      def extract_source_repo(body)
-        JSON.parse(body).fetch("data", []).each do |search_result|
-          next unless search_result["id"].downcase == dependency.name.downcase
-
-          if search_result.fetch("projectUrl")
-            source = Source.from_url(search_result.fetch("projectUrl"))
-            return source unless source.repo.nil?
-          end
-          if search_result.fetch("licenseUrl")
-            source = Source.from_url(search_result.fetch("licenseUrl"))
-            return source unless source.repo.nil?
-          end
-        end
+        look_up_source_in_nuspec(dependency_nuspec_file)
       end
 
       def look_up_source_in_nuspec(nuspec)

@@ -146,18 +146,14 @@
       context "that requires authentication" do
         before do
           stub_request(:get, nuget_url).to_return(status: 404)
-          stub_request(:get, "https://www.myget.org/F/exceptionless/api/v3/index.json").to_return(status: 404)
+          stub_request(:get, nuget_url).
+            with(basic_auth: %w(my passw0rd)).
+            to_return(status: 200, body: nuget_response)
         end
 
         it { is_expected.to be_nil }
 
         context "with details in the credentials" do
-          before do
-            stub_request(:get, nuget_url).
-              with(basic_auth: %w(my passw0rd)).
-              to_return(status: 200, body: nuget_response)
-          end
-
           let(:credentials) do
             [{
               "type" => "git_source",
@@ -175,49 +171,6 @@
           it { is_expected.to eq("https://github.com/dotnet/core-setup") }
         end
       end
-
-      context "that doesn't support .nuspec routes" do
-        before do
-          # registry doesn't support .nuspec route, so returns 404
-          stub_request(:get, nuget_url).to_return(status: 404)
-          # fallback begins by getting the search URL from the index
-          stub_request(:get, "https://www.myget.org/F/exceptionless/api/v3/index.json").
-            to_return(status: 200, body: fixture("nuspecs", "index.json"))
-          # next query for the package at the search URL returned
-          stub_request(:get, "https://azuresearch-usnc.nuget.org/query?prerelease=true&q=microsoft.extensions.dependencymodel&semVerLevel=2.0.0").
-            to_return(status: 200, body: fixture("nuspecs", "microsoft.extensions.depdencymodel-results.json"))
-        end
-
-        # data was extracted from the projectUrl in the search results
-        it { is_expected.to eq "https://github.com/dotnet/core-setup" }
-
-        context "and it fails to get the index" do
-          before do
-            # registry is in a bad state
-            stub_request(:get, nuget_url).to_return(status: 500)
-            # it falls back to get search URL from the index, but it fails too
-            stub_request(:get, "https://www.myget.org/F/exceptionless/api/v3/index.json").
-              to_return(status: 500, body: "internal server error")
-          end
-
-          it { is_expected.to be_nil }
-        end
-
-        context "and it fails to get the search results" do
-          before do
-            # registry doesn't support .nuspec route, so returns 404
-            stub_request(:get, nuget_url).to_return(status: 404)
-            # fallback begins by getting the search URL from the index
-            stub_request(:get, "https://www.myget.org/F/exceptionless/api/v3/index.json").
-              to_return(status: 200, body: fixture("nuspecs", "index.json"))
-            # oops, we're a little overloaded
-            stub_request(:get, "https://azuresearch-usnc.nuget.org/query?prerelease=true&q=microsoft.extensions.dependencymodel&semVerLevel=2.0.0").
-              to_return(status: 503, body: "")
-          end
-
-          it { is_expected.to be_nil }
-        end
-      end
     end
   end
 end